Whonix live mode / amnesia / amnesic / non-persistent / anti-forensics

Patrick · October 3, 2022, 12:21pm

Patrick · June 21, 2023, 11:22am

Patrick · June 21, 2023, 12:39pm

Added to Combine Kicksecure ™ Live VMs with Read-only Mode for Virtual Hard Drives chapter VirtualBox in Kicksecure wiki just now:

On Debian bookworm based Kicksecure ™ 17 (and above) / Newer VirtualBox versions:

VirtualBox might no longer support VBoxInternal/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/ReadOnly. Settings set thorugh VBoxManage setextradata are not officially supported and might be gone at some time such as now.

VirtualBox documentation chapter Special Image Write Modes mentions immutable images but this might not be as good as read-only images.

Patrick · June 21, 2023, 12:41pm

Above two issues are not easy to fix.

Help welcome!

Link to source code:

github.com

Kicksecure/desktop-config-dist/blob/master/usr/share/livecheck/livecheck.sh

#!/bin/bash

## Copyright (C) 2018 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## Copyright (C) 2018 Algernon <33966997+Algernon-01@users.noreply.github.com>
## See the file COPYING for copying conditions.

set -e

## sudo /bin/lsblk --all
##
## NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
## sda      8:0    0  100G  1 disk
##
## 1 means read-only
## 0 means read-write

## As soon as we have at least one "0" it is concluded: not live mode.

## when using snapd:
##

This file has been truncated. show original

Patrick · July 9, 2023, 2:45pm

rootovl vs overlayfs discussed here:
Boot Existing, Usual Linux Installation from Hard Disk in Live Mode / read-only mode with dracut · Issue #1565 · dracutdevs/dracut · GitHub

Patrick · August 14, 2023, 1:33pm

https://www.reddit.com/r/Whonix/comments/15q7vcs/have_the_dev_team_tested_the_antiforensic/

Patrick · January 13, 2024, 4:42am

issue with older build versions still using initramfs-tools and fix:

Patrick · August 20, 2024, 12:17pm

github.com/Kicksecure/desktop-config-dist

Convert livecheck tooltips to dialog

Kicksecure:master ← ben-grande:live-msg

opened 02:52PM - 19 Aug 24 UTC

ben-grande

+32 -15

This pull request changes... ## Changes Convert livecheck tooltips to dial…og and better messages. ## Mandatory Checklist - [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements: [Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint) ## Optional Checklist The following items are optional but might be requested in certain cases. - [x] I have tested it locally: On Qubes and manually running options, not on full GUI - [x] I have reviewed and updated any documentation if relevant - [ ] I am providing new code and test(s) for it Fixes #

Patrick · August 20, 2024, 12:36pm

Merged.

Patrick · December 6, 2024, 11:09am

grub-live boot menu entry adding still having issues.

sh -x /etc/grub.d/11_linux_live

+ true grub-live /etc/grub.d/11_linux_live: START
+ set -e
+ set -o allexport
+ GRUB_DEVICE=/dev/disk/by-uuid/
+ unset GRUB_DEVICE_UUID
+ GRUB_DISTRIBUTOR=LIVE mode USER (For daily activities.)
+ GRUB_DISABLE_RECOVERY=true
+ pkg_installed initramfs-tools
+ local package_name
+ package_name=initramfs-tools
+ dpkg-query --show --showformat=${Status}\n initramfs-tools
+ [ deinstall ok config-files = install ok installed ]
+ true grub-live /etc/grub.d/11_linux_live: INFO: initramfs-tools is NOT installed.
+ return 1
+ pkg_installed dracut
+ local package_name
+ package_name=dracut
+ dpkg-query --show --showformat=${Status}\n dracut
+ [ install ok half-configured = install ok installed ]
+ true grub-live /etc/grub.d/11_linux_live: INFO: dracut is NOT installed.
+ return 1
+ echo grub-live /etc/grub.d/11_linux_live: ERROR: Neither initramfs-tools nor dracut is installed. Support for other initrd generators is not implemented. This means that no live mode boot menu entry will be added.

grub-live /etc/grub.d/11_linux_live: ERROR: Neither initramfs-tools nor dracut is installed. Support for other initrd generators is not implemented. This means that no live mode boot menu entry will be added.

+ exit 0

dpkg -l | grep dracut

ii  dracut                                059-4                                   all          Initramfs generator using udev
ii  dracut-core                           059-4                                   amd64        dracut is an event driven initramfs infrastructure (core tools)
ii  grub-live-dracut                      3:5.8-1                                 all          grub live dracut dependencies

The problem is, the output of dpkg-query is difficult to parse and it’s exceptionally difficult to reliably programatically detect package installation status.

Patrick · December 6, 2024, 3:04pm

Fixed.

Available in all repositories.

Patrick · December 10, 2024, 11:45pm

github.com/systemd/systemd

Boot Existing, Usual Linux Installation from Hard Disk in Live Mode / read-only mode / immutable mode

opened 11:44PM - 10 Dec 24 UTC

adrelanos

RFE 🎁

### Component other ### Is your feature request related to a problem? Please d…escribe Feature request. What I would like to do: 1. Install Linux to HDD (with FDE) using the usual installer. 2. Make any persistent changes normally. 3. Add a kernel parameters to boot into non-persistent live mode. 4. (Add an additional grub boot menu entry for ease of use to have a choice to boot into persistent mode or live (read-only) mode) The idea is to be able to alternative booting into persistent mode versus live mode. Similar to [this](https://forums.opensuse.org/showthread.php/540709-Booting-a-persistent-USB-Live-15-1-stick-without-further-persistence) (alternative way to phrase this question). Is this already possible with systemd? This is possible with dracut or initramfs-tools and grub. * [Essentially just only 1 grub configuration drop-in file.](https://github.com/Kicksecure/grub-live/blob/master/etc/grub.d/11_linux_live) + `sudo update-grub` * [Screenshots here.](https://www.kicksecure.com/wiki/Grub-live) The catch is, this is currently only possible as long as using for example `ext4` as file system. When using `btrfs`, systemd `home.mount` is responsible for mounting `/home`. ### Describe the solution you'd like systemd is already providing `systemd-volatile-root.service`. How about `systemd-volatile-home.service`? ### Describe alternatives you've considered A dracut module. ### The systemd version you checked that didn't have the feature you are asking for 257

Patrick · November 21, 2025, 7:22am

Patrick · November 21, 2025, 7:23am